PHI security using an interface engine

Jul 24, 2015

If health data interoperability is the hottest topic in health IT, then health data security is a close second by a very thin margin. Sharing health data without security assurances would be like watching a NASCAR event that prevented drivers from wearing seatbelts or helmets – sure it’s still a car race, but it’s unlikely every driver will walk away unharmed.

There are several safeguards available to the IT team to safeguard health data, yet either through negligence, bad luck, or bad intentions, health data security breaches continue to make headlines. The growing number of incidents reported by the press will no doubt effect patient confidence and trust, and more than likely harden the positions of those caregivers and healthcare admins who are resisting the changes occurring as the industry moves from the fee-for-service model to a modern system that places an emphasis on quality care.

There are myriad ways and solutions on the market that claim to protect health information. However, the hospital’s interface engine – the very application in charge with moving the PHI between applications – is rarely mentioned. While integration engines like the #1 in KLAS Corepoint Integration Engine aren’t data security, per se, they can help provide key insights that can provide key insights that help administrators identify problem areas and strengthen existing data security procedures.

The two key features in Corepoint Integration Engine that provide insights into data access are Audit Logging and Log Search.

Audit Logging, which happens to also a requirement in Meaningful Use for EHRs, allows engine users to record and view events such as any additions, deletions, changes, queries, printing, and copying of PHI. Logs files include the user IDs for any engine user who performed the listed actions, which is particularly helpful in determining where, how and when a data breach or HIPAA violation may have occurred.

The Log Search feature in Corepoint Integration Engine allows users to perform Google-like searches for specific message types across multiple connections. Log Search results contain the complete history of a message and criteria can be modified to drill down or broaden out to provide key insights about the message’s lineage, which shows where the complete transmission history of the message. Searches can be performed based specific data, a defined date range, and specific event types.

Whether or not you live by the age-old saying “An apple a day keeps the doctor away,” I think we can all agree that in terms of patient data and protected health information, prevention is indeed the best medicine.